{% extends "xss/base.html" %}

{# subtopic_name must match the corresponding string in nav.html exactly.
   NOTE(review): nav.html is not visible from this template; presumably it compares
   this value to identify the current page's entry. Confirm before renaming. #}
{% set subtopic_name = 'Secured With ESAPI' %}

{% block content %}

<p>The exercises on this page are rule-by-rule examples taken from the OWASP
<a href="https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet">XSS (Cross Site Scripting) Prevention Cheat Sheet</a>.
The forms on this page <b>have</b> the proper escaping and encoding provided by ESAPI, as recommended in the Cheat Sheet.</p>

<p>Viewing this page in your browser will show that the attacks are no longer effective. View the page source to see how each value has been escaped or encoded for the context in which it appears.</p>

{# Exercise form. It has no action attribute, so the browser submits it back to
   this page's own URL, using POST.
   NOTE(review): no CSRF token is visible in this template. Confirm whether
   render_form or the request handler supplies and checks one. #}
<form name="form" method="POST">

{# render_form is not defined in this file (presumably a macro or global made
   available through xss/base.html; confirm).
   The escaping and encoding this page demonstrates is not visible here: it
   depends on how render_form, and the view that builds xss_rules, encode each
   value for its output context. Also verify whether autoescaping applies to
   this expression, since escaping already-encoded output would double-encode it. #}
{{ render_form(xss_rules) }}

</form>

{% endblock content %}
